- Vuln: Mahara Resume Blocktype Cross Site Scripting Vulnerability
- Vuln: Mahara Admin Password Reset Security Bypass Vulnerability
- Vuln: Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities
- Vuln: Multiple Horde Products Cross-Site Scripting Vulnerabilities and File Overwrite Vulnerability
- Vuln: Mod_Perl Path_Info Remote Denial Of Service Vulnerability
- Vuln: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
- Vuln: FreeBSD 'fifo_vnops.c' Resource Leak Local Denial of Service Vulnerability
- Vuln: Citrix NetScaler and Access Gateway Denial Of Service Vulnerability
- Vuln: PDFLib 'open_basedir' Restriction Bypass Vulnerability
- Vuln: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
Search
Search Result
-
Security 2009 report
Category: Network Security & Hacking News/Latest Security News
... of an individual, it is very easy and quick to determine if the one typing is the right person. So for identification purposes, his research is truly promising. Security_2009 I'd like to ...Friday, 06 November 2009 -
Battle of the anti-virus: What is the best software?
Category: Network Security & Hacking News/Latest Security News
AV-Comparative.org recently released the results of a malware removal tests with which they evaluated 16 anti-virus software solutions:Avast Professional Edition 4.8AVG Anti-Virus 8.5AVIRA AntiVir Pre... ...Friday, 06 November 2009 -
Fragus exploit pack’s pricy business model locks users in
Category: Network Security & Hacking News/Latest Security News
... is a big – real big – money maker for cybercriminals. A person willing to give up $800 is willing to accept a lot of risk and much like the stock market, the more risk you take on, the bigger the rewards. ...Friday, 06 November 2009 -
FTC Says Bloggers Must Disclose Freebies
Category: Network Security & Hacking News/Latest Security News
... Acme Co. And all I got in exchange was a free widget.” The good standby, “Paid Product Review,” should work fine (if you have no personality). Be Conspicuous: If you choose to take the ...Wednesday, 04 November 2009 -
NOW LIVE! McAfee Online Support Community
Category: Network Security & Hacking News/Global Security News
The McAfee Online Support Community gives you a way to interact with other McAfee business users to ask questions and share best practices. Additionally, you’ll be able to talk with McAfee professionals ...Wednesday, 04 November 2009 -
IT professionals don't use Facebook for work
Category: Network Security & Hacking News/Latest Security News
79 percent of IT professionals use social networking sites such as Facebook and YouTube, while the rest do not use social networking sites at all, according to a recent CompTIA survey. Most IT prof... ...Tuesday, 03 November 2009 -
Smoking (Cloud) Crack
Category: Network Security & Hacking News/Latest Security News
... If you don't have the secret key, your options for recovering the encrypted content are mathematically tantamount to nil. If you do have someone's secret key file, that person did something very wrong ...Tuesday, 03 November 2009 -
Fundamental Failures With Incident Response Plans
Category: Network Security & Hacking News/Latest Security News
... a data breach. Security folks have an innate desire to learn what happened to others so they can prevent encountering the same fate -- or so they say. However, after personally investigating hundreds of ...Tuesday, 03 November 2009 -
Tentative Speaker List for SANS Incident Detection Summit
Category: Network Security & Hacking News/Latest Security News
Thanks to everyone who attended the Bejtlich and Bradley Webcast for SANS yesterday. We recorded that Webcast audio is now available) to start a discussion concerning professional incident detection. ...Tuesday, 03 November 2009 -
MIT's attack on EC2 an academic exercise
Category: Network Security & Hacking News/Latest Security News
... can be found on my personal blog. Check http://chenxiwang.wordpress.com/category/cloud-security/. What this attack highlights is that the security of cloud computing has everything to do with security ...Monday, 02 November 2009 -
Summarizing Zero Day's Posts for October
Category: Network Security & Hacking News/Latest Security News
The following is a brief summary of all of my posts at ZDNet's Zero Day for October. You can also go through previous summaries, as well as subscribe to my personal RSS feed or Zero Day's main feed. Notable ...Monday, 02 November 2009 -
Interesting Information Security Bits for 11/02/2009
Category: Network Security & Hacking News/Latest Security News
Good afternoon everybody! I hope your day is going well. Here are today's Interesting Information Security Bits from around the web. A very good article on an issue that we need to think about as those ...Monday, 02 November 2009 -
The Pavlovian yes box
Category: Network Security & Hacking News/Latest Security News
... of how to perform a task and to understand why it works. To train someone on a subject only gives them part of that equation. A person who has been trained on a subject only knows a process to accomplish ...Monday, 02 November 2009 -
Tenable Network Security Podcast - Episode 10
Category: Network Security & Hacking News/Latest Security News
Welcome to the Tenable Network Security Podcast - Episode 10 Announcements New blog post "Defeating Zombies: Five Ways To Improve Defenses" Tenable placed 270th on the Deloitte Fast 500 2009 list, Nessus ...Monday, 02 November 2009 -
Malware Conceals Itself as Boss’s Letter
Category: Network Security & Hacking News/Latest Security News
... to Malware FAKEAV Uses Conficker Worm as Bait Users are advised to be wary in opening any attached file even if it comes from a person with authority or ‘boss’. Trend Micro users are protected ...Monday, 02 November 2009 -
Announcing Into The Boxes – E-Magazine
Category: Network Security & Hacking News/Latest Security News
I have been a little busy of late. Work, family, and a few side projects have taken up a lot of my time. Good news, however, I am ready to make one of those side projects public. That project is an ...Sunday, 01 November 2009 -
How Secure is your UK Online Banking?
Category: Network Security & Hacking News/Latest Security News
... Many UK banks still resort to the security dated “knowledge based” authentication along side a person’s password. “Knowledge based” authentication is about asking the account holder a question which only ...Sunday, 01 November 2009 -
Email regarding Facebook account update is a phish – part 2
Category: Network Security & Hacking News/Latest Security News
... and got the login screen. When filling in dummy login and password we got redirected to the following screen and to our suprise we didn’t found a webform to submit personal details but instead ...Saturday, 31 October 2009 -
Bejtlich and Bradley on SANS Webcast Monday 2 Nov
Category: Network Security & Hacking News/Latest Security News
Ken Bradley and I will conduct a Webcast for SANS on Monday 2 Nov at 1 pm EST. Check out the sign-up page. I've reproduced the introduction here. Every day, intruders find ways to compromise enterprise ...Friday, 30 October 2009 -
356 big reasons for UK CIOs to switch to encrypted drives revealed
Category: Network Security & Hacking News/Latest Security News
Reports that UK chief information officers reported a whacking 356 data loss incidents in the last 12 months - approaching double that of the year previous - should sent shivers down the spine of any self- ...Friday, 30 October 2009 -
Finjan says controlled access Web portals now prime target of cybercriminals
Category: Network Security & Hacking News/Latest Security News
... using web application firewalls and securing the backend database using database security tools, he explained, are a logical course of preparing to defend those IT resources that contain personal and business ...Friday, 30 October 2009 -
Survey: Employees spend work time shopping
Category: Network Security & Hacking News/Latest Security News
... in 10 Americans who use a mobile work device such as a BlackBerry or iPhone plan to use it for holiday shopping. The increasing use of mobile work devices for personal business such as shopping can lead ...Friday, 30 October 2009 -
Defeating Zombies: Five Ways To Improve Defenses
Category: Network Security & Hacking News/Latest Security News
... Nessus has numerous plugins to test for a wide variety of applications installed on the user's desktop. Some recent scanning of my own personal systems revealed that some applications were out of date! ...Friday, 30 October 2009 -
Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies
Category: Network Security & Hacking News/Latest Security News
... is to put your Yahoo! Pipe RSS feeds and the other feeds you determined as important and put them into the RSS reader of your choice. I personally like Google Reader because it’s easy to use and ...Thursday, 29 October 2009 -
Phishing experiment sneaks through all anti-spam filters
Category: Network Security & Hacking News/Latest Security News
A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success ...Thursday, 29 October 2009 -
CubeCart 4 session management bypass leads to administrator access
Category: Network Security & Hacking News/Global Security News
Release Date: 2009/10/29 Author: Bogdan Calin (bogdan acunetix com) Severity: Critical Vendor Status: Vendor has released an updated version Release Date: 2009/10/29 Author: Bogdan Calin (bogdan ...Thursday, 29 October 2009 -
Securing the Toughest Times
Category: Network Security & Hacking News/Latest Security News
... who is affected in order to know what needs to be protected. Security can also help properly protect the “list” prior to the official announcement. Security personnel (both physical and information) ...Wednesday, 28 October 2009 -
Partnerships and Procurement Are Not the Answer
Category: Network Security & Hacking News/Latest Security News
... cyber threats will require the Defense Department to work more closely with experts in industry... Indeed, the Pentagon must ultimately change its culture, say independent analysts and military personnel ...Wednesday, 28 October 2009 -
Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata
Category: Network Security & Hacking News/Latest Security News
... used) to analyze metadata: EXIFtool http://www.sno.phy.queensu.ca/~phil/exiftool/ (my personal favorite! The swiss army knife of metadata tools) Metagoofil http://www.edge-security.com/metagoofil.php ...Wednesday, 28 October 2009 -
Fordham report on Children's Privacy
Category: Network Security & Hacking News/Latest Security News
Following the No Child Left Behind mandate to improve school quality, there has been a growing trend among state departments of education to establish statewide longitudinal databases of personally identifiable ...Wednesday, 28 October 2009 -
Nastygram: Spoofed FDIC bank fail e-mail
Category: Network Security & Hacking News/Latest Security News
... lead to a counterfeit FDIC page that offers a copy of "your personal FDIC insurance file" to see whether your coverage has been impacted. The files are offered as Adobe PDF Read Full Article ...Wednesday, 28 October 2009 -
US-CERT warns about BlackBerry spyware app
Category: Network Security & Hacking News/Latest Security News
A free BlackBerry spyware application has been released to allow an attacker to call a user's BlackBerry and listen to personal conversations. A free BlackBerry spyware application has been released ...Wednesday, 28 October 2009 -
Ongoing FDIC Spam Campaign Serves Zeus Crimeware
Category: Network Security & Hacking News/Latest Security News
An ongoing spam campaign impersonating The Federal Deposit Insurance Corporation, is attempting to drop zeus samples by enticing users into installing pdf.exe and word.exe. "Subject: FDIC has officially ...Tuesday, 27 October 2009 -
DHL tracking email contains Bredolab trojan
Category: Network Security & Hacking News/Latest Security News
MX Lab is intercepting a large amount of emails regarding a DHL tracking error with an attached Bredolab trojan. The emails are from Manager Lucinda Poe delivery@dhl-usa.com, where the name of the person ...Tuesday, 27 October 2009 -
Bob Blakley Gets Future Shock Dead Wrong
Category: Network Security & Hacking News/Latest Security News
... got nothing to hide" and others pay for post office boxes, I don't know how we can settle on a single societal norm. And in a world in which cheesy-looking web sites get more personal data — no ...Tuesday, 27 October 2009 -
Gawker Media tricked into featuring malicious Suzuki ads
Category: Network Security & Hacking News/Latest Security News
A group of cybercriminals have successfully managed to trick Gawker's ad sales team into featuring malicious ads serving Adobe exploits (CVE-2008-2992; CVE-2009-0927) and scareware, by impersonating a ...Tuesday, 27 October 2009 -
Starting IsleSec
Category: Network Security & Hacking News/Latest Security News
Over on his blog, Matt Johansen announces the startup of IsleSec. Rather than paraphrasing, here is his post verbatim: "For those of you who are familiar with CitySec meetups, I've been pondering starting ...Tuesday, 27 October 2009 -
Commission considers wider-ranging data breach notification law
Category: Network Security & Hacking News/Latest Security News
The European Commission will consider passing new laws forcing organisations that lose personal data to go public with that loss. The Commission has until now been opposed to the creation of wide-ranging ...Tuesday, 27 October 2009 -
Review of Web Security Testing Cookbook Posted
Category: Network Security & Hacking News/Latest Security News
Amazon.com just posted my five star review of Web Security Testing Cookbook by Paco Hope and Ben Walther. From the review: I just wrote five star reviews of The Web Application Hacker's Handbook (TWAHH) ...Monday, 26 October 2009 -
Have a workable plan, or else…
Category: Network Security & Hacking News/Latest Security News
... to during the incident? We’ve all seen plans that call for using network analyzers that aren’t accessible to the organization or that call for numbers of personnel that just don’t ...Monday, 26 October 2009 -
Vuln: Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
Category: Network Security & Hacking News/Security Exploits and Security Patches
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness Read Full Article ...Monday, 26 October 2009 -
Getting your n00b fill of security
Category: Network Security & Hacking News/Latest Security News
Continuing my “Getting your fill of” series Dave Shackleford recently posted an excellent blog entry titled “One for the n00bs”: http://daveshackleford.com/?p=277 It relates the security community ...Monday, 26 October 2009 -
Enterprise Open Source Intelligence Gathering – Part 1 Social Networks
Category: Network Security & Hacking News/Latest Security News
... people “John Doe” site:facebook.com *To search personal profile status updates (unless they were made public wall posts via pages or groups) you need to be logged into Facebook and use the ...Monday, 26 October 2009 -
Using Evil WiFi To Educate Users & IT Admins
Category: Network Security & Hacking News/Latest Security News
... possibilities like relying on antivirus to keep their users safe, but I settled on one of my favorite attacks...wireless network impersonation and connection hijacking. During my keynote at Operation ...Monday, 26 October 2009 -
Malware and poor passwords ranked as greatest threats
Category: Network Security & Hacking News/Latest Security News
Today’s IT security and authentication professionals have less confidence and greater security concerns for their organizations than last year, according to a recent study by PhoneFactor. The company ... ...Monday, 26 October 2009 -
Tenable Network Security Podcast - Episode 9
Category: Network Security & Hacking News/Latest Security News
Welcome to the Tenable Network Security Podcast - Episode 9 Announcements New blog post & video "Using Nessus To Audit Microsoft Patches" Tenable placed 270th on the Deloitte Fast 500 2009 list, Nessus ...Monday, 26 October 2009 -
Quick Steampunk Book Review: Boneshaker
Category: Network Security & Hacking News/Latest Security News
... go over the top with the Steam-ification of things. Not a single person went around with brass watch gears sewn to the lapels of their great coat! Top hats with random gears? NONE! This book is about the ...Sunday, 25 October 2009 -
Ed Skoudis's COINS event in NYC: The Bad Guys are Winning: So Now What?
Category: Network Security & Hacking News/Latest Security News
The Learning Tree generously hosted a SANS COINS event in New York City last week. The COINS program (community of interest in network security) allows organizations to invite a SANS instructor to deliver ...Saturday, 24 October 2009
Site Search
Login Form
Sponsor Advertisements
 |